If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Nodoom.A

It's a few days old but see no mention of this here yet..

"New Worm May Pose as MessageLabs Advisory in Attempt to Spread"

MessageLabs, the world’s largest provider of managed email security services, is today warning computer users against a new worm known as W32/Nodoom.A. As yet, no copies of the worm have been intercepted from the wild. MessageLabs is issuing this advisory due to the fact that the worm refers to a non-existent advisory issued by MessageLabs.

General

The worm contains its own SMTP engine in order to send itself to addresses harvested from infected machines. In order to find target email addresses, W32/Nodoom.A searches files with the following extensions:

.DBX
.EML
.HTM
.HTML
.MBX
.MMF
.NCH
.OCS
.TBB
.TXT

The worm has been programmed to execute during January and February 2004.

W32/Nodoom.A also spoofs the sender field of the email making it difficult to ascertain where the infected file has been sent from.

W32.Nodoom.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all the email addresses it finds in the files with the extensions .dbx, .eml, .htm, .html, .mbx, .mmf, .nch, .ocs, .tbb, or .txt. The "From" address of the email is spoofed.

whats with this...it doesn't do anything but spread? although sometimes that's enough. at least netsky patched the systems it infected and removed reg settings from other virus even though it created a panic

Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”